[TLS] Ticket caching (was Re: tickets or sesssions or both (oh my))
Martin Thomson <martin.thomson@gmail.com> Wed, 03 September 2014 20:27 UTC
Return-Path: <martin.thomson@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 35E9F1A0AE4 for <tls@ietfa.amsl.com>; Wed, 3 Sep 2014 13:27:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WrSe7WOnn4O3 for <tls@ietfa.amsl.com>; Wed, 3 Sep 2014 13:27:58 -0700 (PDT)
Received: from mail-lb0-x229.google.com (mail-lb0-x229.google.com [IPv6:2a00:1450:4010:c04::229]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EE2F11A6F4B for <tls@ietf.org>; Wed, 3 Sep 2014 13:27:55 -0700 (PDT)
Received: by mail-lb0-f169.google.com with SMTP id l4so10335175lbv.14 for <tls@ietf.org>; Wed, 03 Sep 2014 13:27:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:cc:content-type; bh=lnp8xioj0lKRNU8yZ7Nl25cDhb+PMdnjPs/F6KMIhqE=; b=B2JR9U7PQ+ymS0WLlFc0L7V/85J280RVSWM+vKiQ/umkMfk2gyuh8tX8iPKSYCOlEC /D5uONT8Hs2GS543hcTDuG8op+l+KJmUHbZUYUZ1GndwxPARFL1OvXfci1BRaKXBMveg 5xs/CCuudha1l+74pVdTBYF9ogeSKrdhLVnNm/2eeEQ8Idm/EKeXKBwa85CzYMY/UX1U vF+larnOYkTT0jaHWPJsFg8V1nSrjWregIxdp8Hf7SICFwPpxXjHdAHi7u7bjLkarGzB V3OJSIulYlGCepg7DQYLZNDZ8L9HVP9Rpljh2eNKiK7ZAr9FnOkvMtxtek/IzK2lAs1I olRA==
MIME-Version: 1.0
X-Received: by 10.152.87.97 with SMTP id w1mr5282716laz.92.1409776074335; Wed, 03 Sep 2014 13:27:54 -0700 (PDT)
Received: by 10.25.166.75 with HTTP; Wed, 3 Sep 2014 13:27:54 -0700 (PDT)
Date: Wed, 03 Sep 2014 13:27:54 -0700
Message-ID: <CABkgnnUt7+0k7f6jRakknMXC0TugMRfuyXJ3xjNHVsQtzxRkYQ@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: Karthikeyan Bhargavan <karthikeyan.bhargavan@inria.fr>
Content-Type: text/plain; charset="UTF-8"
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/bcS9z6bWJ-KsjsuJj-aPFVNwtAs
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: [TLS] Ticket caching (was Re: tickets or sesssions or both (oh my))
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Sep 2014 20:27:59 -0000
On 3 September 2014 13:12, Karthikeyan Bhargavan <karthikeyan.bhargavan@inria.fr> wrote: > The question is what is the identity of S that C should use when storing the ticket? > Can we give some recommendations? The only basis we really have is the identity that was originally sought. We still want to permit different certificates (if not different names), so knowing identity prior to committing the first flight is of marginal utility anyway. If an attacker can masquerade as a valid origin, then I don't think that we should be specifically concerned that it can produce tickets that cause it to access information. It's trivial to force that first flight to go anywhere, but you have to be able to decrypt it to gain any real advantage. The attack you describe requires one of a range of breaks: forcing identical master secrets, decrypting the session (not just finding a collision in the MAC), or breaking the previous session.
- Re: [TLS] Ticket caching (was Re: tickets or sess… Nico Williams
- [TLS] Ticket caching (was Re: tickets or sesssion… Martin Thomson
- Re: [TLS] Ticket caching (was Re: tickets or sess… Martin Thomson
- Re: [TLS] Ticket caching (was Re: tickets or sess… Viktor Dukhovni
- Re: [TLS] Ticket caching (was Re: tickets or sess… Nico Williams
- Re: [TLS] Ticket caching (was Re: tickets or sess… Martin Thomson
- Re: [TLS] Ticket caching (was Re: tickets or sess… Nico Williams
- Re: [TLS] Ticket caching (was Re: tickets or sess… Brian Sniffen
- Re: [TLS] Ticket caching (was Re: tickets or sess… Viktor Dukhovni
- Re: [TLS] Ticket caching (was Re: tickets or sess… Martin Thomson